Your data is our business so we take every step to safeguard it. Automated controls ensure your data remains protected.
Security in our DNA
We build and maintain automated security solutions through a mix of proprietary and best in breed solutions.
We select for and cultivate a culture of security awareness, placing the utmost emphasis on data security and privacy.
We challenge assumptions about security and compliance best practices, pushing for optimal over sufficient.
Audited and certified
Fathom retained a leading Certified Public Accounting firm based on their world-class team of auditors and information security experts to conduct a thorough audit to verify Fathom's HIPAA and SOC 2 Type 2 compliance.
HIPAA Compliance audits are designed to assess an organization’s risk management and regulatory compliance effectiveness. This includes the evaluation of the administrative, physical, and technical safeguards as they relate to the electronic protected health information (ePHI) an organization creates, receives, processes, maintains, and/or transmits; as well as the evaluation of the organization’s policies, procedures, and overall readiness to manage a breach of protected health information (PHI) in accordance with the notification requirements.
SOC 2 Type 2
Developed by the AICPA, SOC 2 is specifically designed for service providers storing customer data in the cloud. SOC 2 requires companies to establish and follow strict information security policies and procedures, encompassing the security, availability, processing, integrity, and confidentiality of customer data. SOC 2 ensures that a company’s information security measures are in line with the unique parameters of today’s cloud requirements.
POLICY AND PROCEDURES
A holistic approach to ensuring security of your data
Fathom's systems drive excellence in security and compliance across all aspects of the organization.
Data privacy and management
Threat and vulnerability management
How to report security vulnerabilities to Fathom
We welcome reports from security researchers and experts about possible security vulnerabilities within our system. We are particularly interested in hearing about vulnerabilities that impact the confidentiality or integrity of protected health information, and have the potential to impact a large number of people.
If you believe you have discovered a possible security vulnerability, please file a report with our security team including information and detailed instructions about how to reproduce the issue. You can file your report by sending an email to firstname.lastname@example.org.